ROS-20260505-73-0074

A vulnerability in the ngxstreamsslmodule module of the NGINX Plus and NGINX Open Source HTTP server is related to a flaw in the authorization procedure. Exploitation of the vulnerability may allow a remote intruder to bypass security restrictions and gain unauthorized access to protected...

K000160368: NGINX ngx_stream_ssl_module vulnerability CVE-2026-28755

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP...